Firewall Wizards mailing list archives
Re: tcpdump installation on unix firewall?
From: Robert Graham <robert_david_graham () yahoo com>
Date: Fri, 27 Aug 1999 17:43:13 -0700 (PDT)
--- Andreas.Bolatzki () ch danzas com wrote:
> Do you consider it an utterly bad idea to install a packet sniffer on a firewall?
I do this. I don't use 'tcpdump', though.
> Why would I want to do this? Perhaps you know this already: If sth. is not working it's either the firewall or the network. I need a tool to prove what's going on... Badly performing server, find out what normal traffic is for an application (data volume, traffic profile for one request....) and more of this kind.
More to the point: Firewalls tend to log only rejected packets. However, if you want to study attacks or have evidence around that can be used to prosecute people, you really need to have the entire packets, not just processed header info.
> Does it interfere with the FW-1 software?
Probably not. However, it can slow down the system. A better solution would be to set up a separate system logging the packets "promiscuously", monitoring the same wire as the firewall, but not actually installed on the firewall.
===
Robert Graham
"Anxiously awaiting the millennium so I can start programming dates with 2-digits again."